<?php
	/*
		UserCake
		http://usercake.com
		
		Developed by: Adam Davis
	*/
	require_once("models/config.php");
	require_once("ui.php");
	
	//Prevent the user visiting the logged in page if he/she is already logged in
	if(isUserLoggedIn()) { header("Location: account.php"); die(); }
	
function checkPassword1($entered_password, $stored_password) 
{
	$hashed_password = generateHash($entered_password, $stored_password);
	if ($hashed_password != $stored_password) {
		// password does not match
		return false;
	}
	
	return true;
}

function checkPassword2($entered_password, $stored_password) 
{
	$hashed_password = crypt_apr1_md5($entered_password);
	return checkPassword1($hashed_password, $stored_password);
}

?>
<?php
	/* 
		Below is a very simple example of how to process a login request.
		Some simple validation (ideally more is needed).
	*/

//Forms posted
if(!empty($_POST)) {
		
	$errors = array();
	$username = trim($_POST["username"]);
	$password = trim($_POST["password"]);

	//Perform some validation
	//Feel free to edit / change as required
	if($username == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_LOGIN");
	}
	if($password == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
	}
		
	//End data validation
	if(count($errors) == 0) {
		
		//A security note here, never tell the user which credential was incorrect
		if(!usernameExists($username)) {
			$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
		}
		else {
			$userdetails = fetchUserDetails($username);
		
			//See if the user's account is activation
			if($userdetails["Active"]==0) {
				$errors[] = lang("ACCOUNT_INACTIVE");
			}
			else {
				$match = checkPassword1($password, $userdetails["Password"]);
				if($match) {
					//Passwords match! we're good to go'
					
					//Construct a new logged in user object
					//Transfer some db data to the session object
					$loggedInUser = new loggedInUser();
					$loggedInUser->email = $userdetails["Email"];
					$loggedInUser->user_id = $userdetails["User_ID"];
					$loggedInUser->hash_pw = $userdetails["Password"];
					$loggedInUser->username = $userdetails["Username"];
					$loggedInUser->clean_login = $userdetails["Login_Clean"];
					
					//Update last sign in
					$loggedInUser->updateLastSignIn();
	
					$_SESSION["userCakeUser"] = $loggedInUser;
					
					//Redirect to user account page
					header("Location: index.php");
					die();
				}
				else {
					//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
					$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
				}
			}
		}
	}
}
?>
<?php printPageHead(null, null); ?>

	<?php printNavigationBar('login', NAVIGATION_ITEM_LOGIN) ?>		
		<div id="content" class="container_16 clearfix">
			<div class="grid_5">
		        <?php
		        if(!empty($_POST))
		        {
			        if(count($errors) > 0)
			        {
		        ?>
		        <div id="errors">
	            	<h2>Login unsuccessful</h2>
			        <?php errorBlock($errors); ?>
		        </div>     
		        <?php
			        }
		        }
		        ?> 

	            <div id="regbox">
	                <form name="newUser" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
	                <p>
	                    <label>Username:</label>
	                    <input type="text" name="username" />
	                </p>
	                
	                <p>
	                     <label>Password:</label>
	                     <input type="password" name="password" />
	                </p>
	                
	                <p>
	                    <label>&nbsp;</label>
	                    <input type="submit" value="Login" class="submit" />
	                </p>
	
	                </form>
	                
	            </div>
			</div>
		</div>
		
<?php printPageFoot(); ?>
